Infrastructure for a Secure Interface between Wireless and Wired Networks

Infrastructure for a Secure Interface between Wireless and Wired Networks. Chen-Nee Chuah & Mark D. Spiller CS 261, Dec. 4, 1998. Mobile Services & Issues. Envisioned Service Types: How does one integrate the security of the wireless system and the (wire-based) services?


Infrastructure for a Secure Interface between Wireless and Wired Networks

Chen-Nee Chuah & Mark D. Spiller

CS 261, Dec. 4, 1998

Mobile Services & Issues
  • Envisioned Service Types:
  • How does one integrate the security of the wireless system and the (wire-based) services?
  • What levels of trust are possible, and with whom?
GSM Overview

  • Phone company authenticates and sets up encrypted connection before any data transfer.
  • Shared secret between SIM and AS allows the setup of a secure link between the BS and the mobile unit.
  • BS is trusted per session by handset and AS.
  • GSM’s security assumed sufficient.

[Figure: GSM Network. Nodes: AS: {Ki, IMSI}; BS; SIM: {Ki, IMSI}. Labelled messages: 1. {IMSI/TMSI}; 2. {Rand, SRES, Kc}; 3. {Rand}; 4. {SRES}. Link label: Encrypted with Kc.]
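The four-message exchange on the GSM Overview slide, as an added example that is not part of the original slides. HMAC-SHA256 stands in for the operator-chosen A3/A8 algorithms, and the class names, IMSI and Ki values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    # Assumption: HMAC-SHA256 stands in for the operator-chosen A3/A8 algorithms.
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # 32-bit SRES, 64-bit Kc

class AuthStation:
    """AS: holds {Ki, IMSI} for every subscriber."""
    def __init__(self, subscribers: dict[str, bytes]):
        self._ki_by_imsi = subscribers
    def triplet(self, imsi: str) -> tuple[bytes, bytes, bytes]:
        rand = secrets.token_bytes(16)
        sres, kc = a3_a8(self._ki_by_imsi[imsi], rand)
        return rand, sres, kc

class Sim:
    """SIM: holds {Ki, IMSI}; Ki never leaves the card."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki, self.kc = imsi, ki, None
    def respond(self, rand: bytes) -> bytes:
        sres, self.kc = a3_a8(self._ki, rand)
        return sres

class BaseStation:
    """BS: sees Rand, SRES and Kc for one session, never Ki."""
    def __init__(self, auth_station: AuthStation):
        self._as = auth_station
        self.session_keys: dict[str, bytes] = {}
    def attach(self, sim: Sim) -> bool:
        rand, expected, kc = self._as.triplet(sim.imsi)  # 1. {IMSI/TMSI}, 2. {Rand, SRES, Kc}
        sres = sim.respond(rand)                         # 3. {Rand}, 4. {SRES}
        if not hmac.compare_digest(sres, expected):
            return False                                 # wrong Ki: no session key installed
        self.session_keys[sim.imsi] = kc                 # link can now be encrypted with Kc
        return True

def demo() -> tuple[bool, bool, bool]:
    imsi, ki = "001010000000001", bytes(range(16))       # constructed sample values
    bs = BaseStation(AuthStation({imsi: ki}))
    genuine, wrong = Sim(imsi, ki), Sim(imsi, bytes(16))
    accepted = bs.attach(genuine)
    same_kc = bs.session_keys[imsi] == genuine.kc
    rejected = not BaseStation(AuthStation({imsi: ki})).attach(wrong)
    return accepted, same_kc, rejected

if __name__ == "__main__":
    print(demo())
```

The BS ends the exchange holding only Kc for that session, which is the per-session trust the slide describes; any service gateway design built on this flow inherits that trust in the BS.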

Ideal GSM Service Interface

  • Ideal Case: Separate secret and encrypted link to SG
  • AS/BS provide connection, but not trusted
  • Not feasible with current GSM infrastructure

Components:

  • Handsets/SIM
  • Base Station (BS)
  • Authentication Station (AS)
  • Service Gateway (SG)
  • Intermediate proxies?
  • Services (S)

[Figure: GSM Network. Nodes: AS: {Ki1, SRES1, Kc}; BS; SG: {Ki1, SRES1, Kc}; S; S; SIM: {{Ki1, SRES1, Kc}, {Ki2, SRES2, Ks}}. Link labels: Encrypted with Kc; Encrypted with Ks.]

Service Interfaces for GSM

  • Design variables, given GSM authentication, secure air channel, and existing deployed base:
    • Who connects to the SG (AS,BS)?
    • The security along that link
  • SG entrusted with Ki, re-authenticates user via some sort of re-challenge, or
  • Shared secret between phone company (AS) and SG.
  • Lack of ability to change phone forces some trust of BS

[Figure: GSM Network. Nodes: AS: {Ki, SRES, Kc}; BS; SG; S; S; SIM: {Ki, SRES, Kc}. Link label: Encrypted with Kc.]

Service Gateway (SG) Issues
  • What is provided on the service side to
    • Authenticate the user?
    • Provide security & trust in the BS-SG and SG-S links?
  • Design variables:
    • How much do we trust SG versus the phone company?
    • What are the costs involved (e.g. backward compatibility)?
    • What are the inherent limitations (SIM cards, handsets, base stations, services)?
Implementation of Infrastructure

Uses existing Iceberg test-bed - Changes required:

  • Additional intelligence in UPSIM (PLUS) that controls BS
    • Recognize service request and forward to IP-PAD
  • IPPAD sub-module and SG interfaces
    • Authenticate user via BS, and get ticket/key to set up encrypted channel from BS to services (Models 2 & 3).

[Figure: test-bed components. Labels: UPSIM; BS; IPPAD; SG; S; S; Ethernet.]

Conclusions & Future Work
  • It would have been nice if service support had been designed into the GSM spec from the start.
  • We explored some solutions for secure service access, but:
    • The existing technology infrastructure & protocols are limited (e.g. double encryption (hardware/software))
      • Too much trust in the BS and phone company
        • Best case uses time-stamped session key/ticket to avoid replay attack, and password changes to revoke BS trust
    • The means of choosing and interacting with services from a phone are limited (some standard way/number/etc. is needed).
  • Future Issues:
    • Compatibility between different systems.
    • How do proxies fit into the security model?
Header?

[Figure labels: GSM; Services...]
